dc77fa8e83f68a3ab715dfd358f10423_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc77fa8e83f68a3ab715dfd358f10423_JaffaCakes118
Size

12KB
MD5

dc77fa8e83f68a3ab715dfd358f10423
SHA1

6d281946c5022529bfbcb9792f079aeefc079da4
SHA256

1b19fb95276892a92ca8c04d62a710f928c76622a0517db0fc4ce1a4d0c68c7b
SHA512

a7c42e1df6f726c68bc285055899f3db50a87b66390c31072840aab733aab5ae752b77003044e166fa3ecc144a0ce6354e56cc335e3ea22ded874460138da821
SSDEEP

192:7FvbRBgtgQs6ZXuwabzdE8PwXeYe1d9nilkrPII0n+Y7rp8qx9:ZNBgvs6Z+wabzdEewceKC+Y7Vx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc77fa8e83f68a3ab715dfd358f10423_JaffaCakes118

Files

dc77fa8e83f68a3ab715dfd358f10423_JaffaCakes118
.dll windows:1 windows x86 arch:x86

e8a745a8ff14bfd3a0b85a564759cc82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

ntohs

kernel32

ExitProcess
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentStringsA
GetLastError
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
CloseHandle
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
LoadLibraryA
OpenProcess
RtlUnwind
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualProtect
WideCharToMultiByte
WriteProcessMemory

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

crtdll

_fdopen
_open_osfhandle
atoi
atol
fclose
_cexit
malloc
memcmp
memcpy
memset
pow
printf
raise
setbuf
strcat
strcmp
strcpy
strncpy
strstr

Exports

Exports

_MyHideProcess@16
_MyNtDeviceIoControlFile@40
_MyNtResumeThread@8
_PaNTDeviceIoControlFile
_PaNTQueryInfor
_PaNTResumeThread

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 484B - Virtual size: 484B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE

.edata
Size: 296B - Virtual size: 296B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8a745a8ff14bfd3a0b85a564759cc82

Headers

File Characteristics

Imports

ws2_32

kernel32

advapi32

crtdll

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.bss Size: - Virtual size: 384B

.rdata Size: 84B - Virtual size: 84B

.data Size: 1KB - Virtual size: 1KB

.idata Size: 1KB - Virtual size: 1KB

.reloc Size: 484B - Virtual size: 484B

.edata Size: 296B - Virtual size: 296B

.text
Size: 6KB - Virtual size: 6KB

.bss
Size: - Virtual size: 384B

.rdata
Size: 84B - Virtual size: 84B

.data
Size: 1KB - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.reloc
Size: 484B - Virtual size: 484B

.edata
Size: 296B - Virtual size: 296B